[scponly] How can i install SCPONLY 4.8 on 64-Bit System?

Dave Miller justdave at mozilla.com
Wed Feb 27 10:29:36 EST 2008 

Newsletter wrote on 2/27/08 9:17 AM:
> I believed that scponly is a finished solution to access scp/sftp jails.
> 
> 
> I found nothing in the documentation about "create your own jail-script".
> 
> " Try making your jail manually first and then script it yourself." ->  
> That´s it why i
> want to use scponly. I didn´t want to make my own script.
> 
> Did I misunderstand something there?

Yes.  It's capable of and suggested to operate in a jail, but because of 
distribution and OS differences and differences in library versions, no 
single script can set up a proper jail for everyone.  scponly (or 
specifically scponlyc) will operate in a jail if you create one for it, 
but you have to create it yourself.  The included script is an example 
of how to do it, but it's incomplete, probably intended for an older 
version of whatever distribution of Linux the author was using at the time.

Personally, I recommend using a package like jailkit 
(http://olivier.sessink.nl/jailkit/) to set up your jail.  It has a few 
categories already set up for common services, in addition to doing 
automatic library resolving so you get all the prerequisite libraries 
inside your jail.  Jailkit already has section definitions for scp, 
sftp, and rsync.  Here's the section from jk_init.ini that I use for my 
scp jail that ties those together and adds the other stuff that makes 
scponly be useful:

[scponly]
comment = jail requirements for scponly shell
includesections = scp, sftp, rsync
executables = /bin/chgrp, /bin/chmod, /bin/chown, /bin/cp, /bin/ln, 
/bin/ls, /bin/mkdir, /bin/mv, /bin/rm, /bin/rmdir

As was mentioned above, every distribution is different, so it's best to 
double-check all of the referenced sections in the config to make sure 
they're pulling things from the right paths and so forth.  The above 
config is specific to Fedora 7 using the jailkit RPM from the rpmforge 
repository.

-- 
Dave Miller                                   http://www.justdave.net/
System Administrator, Mozilla Corporation      http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System  http://www.bugzilla.org/

More information about the scponly mailing list